CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Post
7

8
  def initialize(info = {})
9
    super(
10
      update_info(
11
        info,
12
        'Name' => 'Multi Gather Resolve Hosts',
13
        'Description' => %q{
14
          Resolves hostnames to either IPv4 or IPv6 addresses from the perspective of the remote host.
15
        },
16
        'License' => MSF_LICENSE,
17
        'Author' => [ 'Ben Campbell' ],
18
        'Platform' => %w[win python],
19
        'SessionTypes' => [ 'meterpreter' ],
20
        'Compat' => {
21
          'Meterpreter' => {
22
            'Commands' => %w[
23
              stdapi_net_resolve_hosts
24
            ]
25
          }
26
        }
27
      )
28
    )
29

30
    register_options([
31
      OptString.new('HOSTNAMES', [false, 'Comma separated list of hostnames to resolve.']),
32
      OptPath.new('HOSTFILE', [false, 'Line separated file with hostnames to resolve.']),
33
      OptEnum.new('AI_FAMILY', [true, 'Address Family', 'IPv4', ['IPv4', 'IPv6'] ]),
34
      OptBool.new('DATABASE', [false, 'Report found hosts to DB', true])
35
    ])
36
  end
37

38
  def run
39
    hosts = []
40
    if datastore['HOSTNAMES']
41
      hostnames = datastore['HOSTNAMES'].split(',')
42
      hostnames.each do |hostname|
43
        hostname.strip!
44
        hosts << hostname unless hostname.empty?
45
      end
46
    end
47

48
    if datastore['HOSTFILE']
49
      ::File.open(datastore['HOSTFILE'], 'rb').each_line do |hostname|
50
        hostname.strip!
51
        hosts << hostname unless hostname.empty?
52
      end
53
    end
54

55
    if hosts.empty?
56
      fail_with(Failure::BadConfig, 'No hostnames to resolve.')
57
    end
58

59
    hosts.uniq!
60

61
    if datastore['AI_FAMILY'] == 'IPv4'
62
      family = AF_INET
63
    else
64
      family = AF_INET6
65
    end
66

67
    print_status("Attempting to resolve '#{hosts.join(', ')}' on #{sysinfo['Computer']}") if sysinfo
68

69
    response = client.net.resolve.resolve_hosts(hosts, family)
70

71
    table = Rex::Text::Table.new(
72
      'Indent' => 0,
73
      'SortIndex' => -1,
74
      'Columns' =>
75
      [
76
        'Hostname',
77
        'IP',
78
      ]
79
    )
80

81
    response.each do |result|
82
      if result[:ip].nil?
83
        table << [result[:hostname], '[Failed To Resolve]']
84
        next
85
      end
86

87
      if datastore['DATABASE']
88
        report_host(
89
          host: result[:ip],
90
          name: result[:hostname]
91
        )
92
      end
93

94
      table << [result[:hostname], result[:ip]]
95
    end
96

97
    table.print
98
  end
99
end
100

101